Steve, Thank you! That worked.
That option doesn't exist in the man page for s_server (1.0.1 2013-06-04) for me, so this may be a documentation bug then? Thanks again! Jim On 08/06/2013 10:46 AM, Stephen Henson via RT wrote: > On Fri Aug 02 10:23:23 2013, j...@jimkeener.com wrote: >> With -verify and -Verify I believe that the server should reject the >> connection if the certificate isn't signed by a valid CA. Is there a way >> to emulate such behaviour, or is there a reason that this behaves in >> such a manner? >> > The -verify and -Verify options just decide if a certificate should be request > and if the client must use a certificate. For debugging purposes, by default, > the connection continues if the chain doesn't verify. If you use the option > -verify_return_error the connection should fail. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org